Calls grow to make IT equipment makers liable after D.Telekom attack

BERLIN (Reuters) - Leading German politicians have called for IT and telecoms equipment makers to be held liable for cyber attacks, after a failed attempt to hijack consumer router devices caused widespread disruption for Deutsche Telekom customers.

Almost a million of Telekom’s 20 million fixed-line users suffered internet outages on Sunday and Monday due to a botched attempt by unidentified hackers to commandeer customers’ routers to disrupt internet traffic.

Chancellor Angela Merkel warned cyber attacks were a growing part of every day life as more devices get connected to the internet.

The Telekom outage has heightened concern about insufficient safeguards. In an interview with newspaper Bild published on Wednesday, Interior Minister Thomas de Maiziere called for firms that manufacture IT equipment to be held to greater account.

“Responsibility for digital security is borne by users, company managers, authorities, manufacturers, providers and service providers alike,” he said.

“This involves a fair distribution of loads. This appears to me not always to be a given in the area of end products for the user. Customers, at any rate, need to be able to rely on the security of IT products on the market,” he added.

Thomas Oppermann, a senior lawmaker for the Social Democrats (SPD), Merkel’s junior coalition partner, said Germany needed to introduce liability for IT products and increase the accountability of industry.

Susanne Dehmel, head of security and data protection at IT lobby group Bitkom, said making equipment makers liable would not stop criminal hackers.

“The window manufacturer is not liable if an apartment is broken into or the bicycle lock maker for the theft of bicycles,” she said, adding manufacturers had improved their products in recent years.

“If they had to take responsibility for criminal cyber attacks, serious providers could no longer offer their products in the German market,” she said.

MADE IN GERMANY

The German Office for Information Security (BSI) said the Telekom attack involved Mirai - malicious software designed to turn network devices, in this case internet routers, into remotely controlled “bots” that can be used to mount large-scale network attacks. It suspects a link to organized crime.

Telekom resells routers from more than a dozen mostly Asian suppliers under the brand Speedport. It offered firmware updates on Monday to three models.

Thomas Jarzombek, spokesman for Merkel’s Christian Democrats (CDU) on digital policy, called for Telekom to get rid of “cheap Chinese technology” and instead use routers made in Germany.

“At the moment we are experiencing a loss of control, which must be stopped,” he said.

Jarzombek also suggested imposing a guaranteed right to return products for 10 years, which would require manufacturers to update equipment with new software.

Lars Klingbeil from the SPD said industry should be put under pressure to close security holes.

Germany, home to world leading manufacturers, offers rich pickings for hackers, and attacks on industrial production sites are rising, according to the government’s IT Security Report.

Merkel and Germany’s intelligence chiefs have also warned of the risk of potential Russian interference in the run-up to next year’s election via misleading media stories and cyber attacks.